1. Introduction
This Data Processing Addendum ("DPA") is incorporated into and forms part of the Privacy Policy for users ("User" or "You") of Complete Health Wellness Group LLC ("Company" or "We"). The DPA sets out the terms that apply when personal data is processed by the Company on behalf of the User. This document ensures our compliance with applicable data protection laws, and outlines our commitment to protecting personal data and providing transparency about our data practices.

​

2. Definitions
Data Controller: The entity that determines the purposes and means of processing personal data.
Data Processor: The entity that processes personal data on behalf of the Data Controller.
Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation or set of operations performed on personal data, whether or not by automated means.

​

3. Processing of Personal Data

​

3.1 Scope and Purpose
Company will process personal data only to the extent necessary to provide the services described in our Terms of Service and Privacy Policy, or as otherwise agreed in writing. 

​

3.2 Instructions from Data Controller
The User, as the Data Controller, instructs the Company to process personal data as follows:
- Only in accordance with applicable laws.
- Only for the purpose of delivering our services.
- Only for the duration necessary for such purposes.

 

4. Confidentiality
We ensure that any person authorized to process personal data on behalf of the Company is bound by confidentiality agreements.

​

5. Security
The Company implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including but not limited to:
- Encryption of personal data
- Regular security assessments
- Access controls and authentication measures

​

6. Data Subject Rights
Where applicable, the Company will assist Users in responding to any request from Data Subjects to exercise their rights under applicable data protection laws (e.g., access, correction, deletion).

​

7. Sub-Processors
The Company may use third-party service providers (Sub-Processors) to assist in the provision of services. We will ensure these Sub-Processors only process personal data in accordance with this DPA.

​

8. Data Transfers
You acknowledge that we may process Users-of-Users Information anywhere in the world, provided that this processing complies with applicable Data Protection Laws, applicable Jurisdiction Specific Terms, and this DPA. Appropriate Safeguards for Cross-Border Data Transfers from the EEA, Switzerland, and the United Kingdom: We will only transfer Users-of-Users Information from the EEA, Switzerland, and the United Kingdom (“UK”) utilizing the necessary mechanisms to ensure that these cross-border transfers are compliant with applicable Data Protection Laws.
Onward Transfers to Sub-Contractors in Other Countries: Any onward transfer of Users-of-Users Information by the Company to a recipient acting on the Company's behalf located in a third country outside the EEA, UK, and Switzerland will be conducted by either: 1) Entering into the Standard Clauses or any similar mechanism approved by the competent authority in the EU, UK, or Switzerland; or 2) Ensuring other appropriate safeguards are in place pursuant to Article 46 of the GDPR or any equivalent provision in the applicable Data Protection Law.
Onward Transfers at Your Instructions: If the Company transfers Users-of-Users Information at your instructions to a third party that is not a sub-processor of the Company, or if you conduct such a transfer yourself based on an agreement with the third party (to which the Company is not a party), you will be solely responsible for ensuring that the transfer complies with applicable laws.
Amendment of Transfer Mechanisms: If the applicable transfer mechanism is amended, replaced, or invalidated, the Company will adopt any updated version of such a mechanism or an alternative mechanism endorsed by the relevant competent authority
 

9. Data Retention and Deletion
Upon termination of the services or at the written request of the User, Company will delete or return all personal data to the User unless further storage is required by law.

​

10. Audit Rights
The User has the right to audit the Company’s compliance with the provisions of this DPA. Audits may be conducted by an independent third-party subject to reasonable advance notice and can occur no more than once per year.

​

11. Liability
Company’s liability under this DPA is subject to the terms set out in the main agreement and applicable liability limitations.

​

12. Changes to this DPA
We may update this DPA from time to time in response to changing legal, technical, or business developments. We will notify the User of any significant changes.
 

13. Contact Information
For questions or concerns regarding this DPA, please contact us at:
Complete Health Wellness Group LLC 
Email: contact@chwellnessgroup.com  
Phone: (443) 367-1333  

**By using our services, you acknowledge that you have read, understood, and agree to be bound by this Data Processing Addendum.